ManualsPro opentext opentext ArcSight Intelligence with Microsoft Defender for Endpoint User Guide

opentext ArcSight Intelligence with Microsoft Defender for Endpoint User Guide

June 1, 2024
opentext

OpenText-LOGO

opentext ArcSight Intelligence with Microsoft Defender for Endpoint

opentext-ArcSight-Intelligence-with-Microsoft-Defender-for-Endpoint- PRODUCT

Product Information

Specifications

  • Product Name: ArcSight Intelligence with Microsoft Defender for Endpoint
  • Functionality: Advanced behavioral analytics paired with rich telemetry for threat detection
  • Vendor: OpenTextTM

Product Usage Instructions

Overview of ArcSight Intelligence with Microsoft Defender for Endpoint
ArcSight Intelligence is a User Entity Behavior Analytics (UEBA) solution that leverages machine learning to identify anomalies in user, server, and endpoint behavior within an organization. When integrated with Microsoft Defender for Endpoint, it provides enhanced threat detection capabilities.

Key Features

  • Behavioral Analytics: Identifies normal behavior and alerts on anomalies
  • Insider Threat Detection: Detects insider threats, novel attacks, and APTs
  • Integration with Microsoft Defender: Utilizes rich telemetry for advanced threat detection
  • Contextual Insights: Provides relevant insights to threat hunters for quick response

Getting Started
 To begin using ArcSight Intelligence with Microsoft Defender for Endpoint:

  1. Ensure both solutions are properly installed and configured in your enterprise environment.
  2. Set up integration between ArcSight Intelligence and Microsoft Defender for Endpoint.
  3. Review user guides and training materials for detailed usage instructions.

Real-World Example
 Consider a scenario where ArcSight Intelligence detects anomalous behavior in an employee attempting to exfiltrate data during a layoff situation. The solution raises the employee’s risk score and provides contextual evidence to prevent data loss.

Frequently Asked Questions (FAQ)

  • Q: How does ArcSight Intelligence adapt to changing security threats?
    A: ArcSight Intelligence utilizes machine learning to adapt to evolving threats without manual intervention, ensuring security teams can focus on current threats.

  • Q: Can ArcSight Intelligence work independently without Microsoft Defender integration?
    A: While integration with Microsoft Defender enhances threat detection capabilities, ArcSight Intelligence can function independently but with reduced effectiveness in detecting advanced threats.

  • Q: What types of attacks has ArcSight Intelligence helped prevent?
    A: ArcSight Intelligence has successfully prevented insider threats, data exfiltration attempts, and advanced persistent threats (APTs) by leveraging behavioral analytics and telemetry data.

ArcSight Intelligence with Microsoft Defender for Endpoint at a Glance

  • Advanced insider threat, novel attack, and APT detection
  • Detection that evolves with your constantly changing attack surface
  • Distill billions of events into a handful of actionable leads
  • Risk aggregation enabling low and slow attack detection
  • Do more with your Microsoft Defender for Endpoint data

The Power of Behavioral Analytics

Defending an organization from attacks is expensive, time-consuming, and exhausting. While the attacker need only be right once, defenders need to be right 24/7. Because of this, defenders must have the right tools in place to catch threats before damage can be done. User Entity Behavior Analytics (UEBA) is one of these tools.

ArcSight Intelligence by OpenText™, a UEBA solution, uses machine learning to identify “normal” behaviour for entities (users, servers, endpoints, etc.) in an organization, finding and alerting threat hunters when anomalies are detected. Where rules, thresholds, and pattern-matching techniques of traditional security tools are adept at catching known threats, Intelligence is adept at catching unknown threats.

Intelligence provides context-rich leads allowing threat hunters to focus less on hypotheses-based hunting and more on detecting and preventing attacks in progress. Not only does ArcSight Intelligence improve your threat hunters’ effectiveness, it also improves your overall SOC efficiency. Unlike other tools that require frequent updating of rules and thresholds to remain relevant and reduce false positives, Intelligence continually adapts and evolves with your changing organization, automatically.

Improving Effectiveness
During the COVID-19 pandemic, many security teams were inundated with false positives as companies adopted work-from-home policies. While Intelligence did show higher than normal risk scores during the transition, Intelligence automatically adjusted to the new normal within days without any intervention. This allowed overworked security teams to remain focused on current threats rather than updating their detection tools.

Essential to Advancing Defender’s Security

ArcSight Intelligence effectively detects insider threats, novel attacks, and APTs by repurposing the rich telemetry that is already being produced by the Microsoft Defender endpoints in your enterprise.

Microsoft Defender for Endpoint telemetry is especially powerful when used for behavioural analytics since it records events that take place on individual endpoints and across all endpoints in an organization. With Microsoft Defender telemetry, ArcSight Intelligence can detect attack scenarios such as:

  • Data staging/exfiltration
  • Unusual uploads/downloads
  • Account compromise and misuse
  • High risk IP/data access
  • Unusual traffic and connections
  • And more

With just the Microsoft Defender data, Intelligence is not only able to detect these attack scenarios but provide contextual and relevant insights to threat hunters to quickly determine the best way to stop a threat from becoming a major security incident.

Intelligence with EDR solutions like Microsoft Defender has detected and helped stop real attacks including:

  • 3rd party supply chain attacks
  • Nation state attacks
  • Advanced reconnaissance
  • Sensitive file accesses/exfiltration
  • Password guessing on C-Suite accounts (and more)

Preventing Layoff Data Exfiltration
During a round of layoffs an ArcSight Intelligence customer wanted to ensure outgoing employees were not walking off with company secrets. Using Intelligence with EDR data, the customer detected an employee logging in outside of their normal working hours and attempting to transfer 4,000 plus files to a removable device.

When confronted about the files, the employee assured the security team that he wasn’t doing anything shady and promised not to transfer files again. Less than a week later the employee increased their risk score by running an application that had never been run by anyone in the company and then attempting to move over 800 GB of data to a removeable drive in a single transfer prompting the security team to take further action. Despite a change in attack vectors and an attempt to hide their real intent, ArcSight Intelligence was able to detect the employee’s anomalous behavior, raise their risk score, and provide the contextual evidence needed to prevent further damage.

Microsoft Defender + Microsoft Entra ID with Intelligence

While ArcSight Intelligence is effective at using Microsoft Defender for Endpoint data to detect threats originating from company-controlled endpoints, an organization’s digital footprint and attack surface extends beyond physical hardware and devices. Microsoft Entra ID (Formerly Azure Active Directory) data is an excellent source of telemetry for Intelligence that gives security teams powerful insights into unusual user authentication attempts, cloud, or web application access, and more.

When paired together, Microsoft Defender telemetry and Microsoft Entra data complement each other and expand your visibility of relationships between endpoint and cloud entities. Combining endpoint, active directory, and cloud application (Office365 and SharePoint) data, Intelligence can follow threats as they move between endpoint and cloud, highlighting potentially risky entities faster than with endpoint data alone.

Connect with Us:www.opentext.com

Learn more at: www.arcsight.com/intelligence

OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high efficacy products, a compliant experience and simplified security to help manage business risk.
761-000115-002

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

opentext User Manuals

opentext IM Progressive Handovers Instructions
opentext
opentext ArcSight Intelligence with Microsoft Defender for Endpoint User Guide
opentext
opentext 16 Voltage Secure Data User Guide
opentext
OpenText 24677 Digital Friction Holds Back Today’s Business White Paper User Guide
opentext
OpenText Insurance Industry Insider Software User Guide
opentext
opentext TD4 Forensic Duplicator User Guide
opentext
opentext Tableau Forensic T6u SAS Bridge User Guide
opentext
opentext Intelligent Capture for SAP Solutions User Guide
opentext
opentext TD2u Tableau Forensic Duplicator User Guide
opentext
opentext EnCase Forensic Software User Guide
opentext
opentext TC2-8-R2 Tableau Forensic Universal Bridge User Guide
opentext
opentext Recon Investigations Software User Guide
opentext
opentext Core Case Management Software User Guide
opentext
opentext Tag Cyber Managed Detection and Response Software Instructions
opentext
opentext Tag Cyber Digital Forensics Law Enforcement Software Instructions
opentext
openText 25127 Core for SAP Success Factors User Guide
opentext
opentext Tableau Forensic T35u/T35u-RW SATA/IDE Bridge User Guide
opentext
opentext TX1 Tableau Forensic Imager User Guide
opentext
opentext T7U Tableau Forensic PCIe Bridge User Guide
opentext
opentext T8U Tableau Forensic USB Bridge User Guide
opentext

Related Manuals

Razor W13112163017, W13112144017 Power Core E90 Sprint Foot Platforms Replacement Instructions
Razor
HITACHI 24HE2300W 24 Inches LED Smart White User Manual
Hitachi
makita EM403MP Brushcutter Attachment Instruction Manual
Makita
icar IK206 GPS Tracker User Manual
icar
RoHS USb Professional Recording Microphone Instruction Manual
RoHS
HOME ACCENTS Holiday 22RT1962214 3ft Yuletide Lane LED Penguin with Candy Cane Instruction Manual
HOME ACCENTS Holiday
IKEA IVAR Side Unit Instructions
Ikea
PROWORLD MP354 Semi Auto Heat Press User Guide
PROWORLD
D-Link DIR-600 Wireless N150 Home Router User Manual
D-Link
ASHLEY L235594 Table Lamp Instruction Manual
Ashley
BenQ QS02 HDMI Media Streaming Remote Control User Guide
BenQ
COLOR MASTER SK653 Wireless Keyboard User Guide
COLOR MASTER
TEETER Contour L3 Inversion Table Owner’s Manual
Teeter
LINORTEK ITrixx MQTT Gateway and WFMN Bundle Instructions
LINORTEK
LUCIDE 74410-01-65 Zino Pendant Light Installation Guide
LUCIDE
datavideo PTC-140 HD PTZ Robotic Camera User Guide
Datavideo
soundmaster 2023/24 Speaker Box Clock Radio Turntable User Manual
soundmaster
TOBI 655333E5C Robot Smartwatch User Guide
TOBI
Sunnydaze DECOR Diamond Weave Fire Pit Instruction Manual
Sunnydaze DECOR
FORTINET EVOGMT6 Stand Alone Add On Remote Start Car Starter System Installation Guide
FORTINET
BOKE BK-DLL042 Dimmable LED Driver Owner’s Manual
BOKE
DOMUS Lighting 22772 PDT Dimmable Pendant Installation Guide
DOMUS LIGHTING
pureit RO UV MF Eco Water Saver Mineral Instruction Manual
pureit
REED INSTRUMENTS R7200 LED Stroboscope Instruction Manual
REED INSTRUMENTS
Antelope Audio ATLAS i8 Isobaric Active 3-Way Monitor Speaker User Manual
Antelope Audio
AEMAX N18 Smart Bracelet Smartwatch User Manual
AEMAX
Satel AGD-200 Wireless Glass-Break Detector Instruction Manual
Satel
FASELASE 2D Lidar S5 Industrial Obstacle Sensor User Manual
FASELASE
IMI Hydronic Engineering TA-BVS 240 Balancing Valves Instruction Manual
IMI Hydronic Engineering
CANARM SD24-F1 Standard Exhaust Fans Instruction Manual
CANARM
Contact Us   Privacy Policy   5.455ms